8.1.1 Oracle XML Security Does Not Handle the InclusiveNamespaces Tag

This bug relates to a parameter used to create a signature with Oracle Security Developer Tools.

An XML Signature can use either Inclusive or Exclusive Canonicalization to canonicalize the Reference or the SignedInfo:

In Inclusive Canonicalization, all the specified and inherited namespaces are written out.

In Exclusive Canonicalization, only namespaces that are actually used are written out.

The behavior of Exclusive Canonicalization can be modified by specifying the InclusiveNamespaces parameter, which is a list of namespaces that are exceptions, that is, namespaces which should be written out even if they are not used.

Because of this bug, the InclusiveNamespaces parameter is ignored when canonicalizing the SignedInfo (but is honored when canonicalizing a reference). As a result, when you use the Oracle XML Security API of Oracle Security Developer Tools to create a signature that uses the InclusiveNamespaces parameter, the signature value is computed incorrectly. Similarly, when you verify a signature that uses the InclusiveNamespaces parameter, verification incorrectly returns false.
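
As an added example (not Oracle code and not part of the original note), the following Python check reports whether a signature places InclusiveNamespaces on the SignedInfo CanonicalizationMethod, which is the case this bug affects, or only on a Reference transform. The function names and sample signatures are constructed for illustration; the element and namespace names are those of the XML Signature and Exclusive XML Canonicalization specifications.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
EC = "http://www.w3.org/2001/10/xml-exc-c14n#"
EXC_C14N = {EC, EC + "WithComments"}  # exclusive c14n algorithm URIs
REF_TRANSFORMS = f"{{{DS}}}Reference/{{{DS}}}Transforms/{{{DS}}}Transform"

# Constructed sample signatures (structure only, no digest or signature values).
_TEMPLATE = """<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
 xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"><ds:SignedInfo>
 <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">{si}</ds:CanonicalizationMethod>
 <ds:Reference URI="#body"><ds:Transforms>
 <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">{ref}</ds:Transform>
 </ds:Transforms></ds:Reference></ds:SignedInfo></ds:Signature>"""
INC = '<ec:InclusiveNamespaces PrefixList="soap wsu"/>'
SAMPLE_AFFECTED = _TEMPLATE.format(si=INC, ref="")    # parameter on SignedInfo
SAMPLE_UNAFFECTED = _TEMPLATE.format(si="", ref=INC)  # parameter on Reference only


def _prefixes(method):
    """Return the PrefixList tokens of a CanonicalizationMethod or Transform."""
    if method is None or method.get("Algorithm") not in EXC_C14N:
        return []
    inc = method.find(f"{{{EC}}}InclusiveNamespaces")
    # An absent or empty PrefixList names no exceptions, so nothing is lost.
    return inc.get("PrefixList", "").split() if inc is not None else []


def inclusive_namespaces_usage(xml_text):
    """For each ds:Signature, report where InclusiveNamespaces is specified."""
    report = []
    for sig in ET.fromstring(xml_text).iter(f"{{{DS}}}Signature"):
        si = sig.find(f"{{{DS}}}SignedInfo")
        if si is None:
            continue
        signed_info = _prefixes(si.find(f"{{{DS}}}CanonicalizationMethod"))
        refs = [p for t in si.iterfind(REF_TRANSFORMS) for p in _prefixes(t)]
        report.append({
            "signed_info": signed_info,     # ignored because of this bug
            "references": refs,             # handled correctly
            "affected": bool(signed_info),  # signature value / verification is wrong
        })
    return report


if __name__ == "__main__":
    for name, doc in (("affected", SAMPLE_AFFECTED), ("unaffected", SAMPLE_UNAFFECTED)):
        print(name, inclusive_namespaces_usage(doc))
```

Run it against messages that fail verification to tell this known issue apart from a genuinely invalid signature; parse untrusted XML with a hardened parser configuration.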